General

  • Target

    e3a18febc482e9b91bd1fb70a0f48c0196114f88d7bac624171d53f35550acec.bin

  • Size

    760KB

  • Sample

    240728-1zwspa1hmb

  • MD5

    df34784f23a095863380fc46c9d05536

  • SHA1

    31a3bf2644602641832f6a3d144b517157225980

  • SHA256

    e3a18febc482e9b91bd1fb70a0f48c0196114f88d7bac624171d53f35550acec

  • SHA512

    20d9a0aac4609eaf656a558f28d9eef4cfeb9322b52ada075991f98c7c7237c53036c17819e00c2b708324da29b0fbe105287d7565da518dba73e8c23fc00d0f

  • SSDEEP

    12288:negS9a1a8LzeSnIV0YFt5WmpYshXZPbGwidNpg7s:nQ9a1ameSs0YFt5WmD9idNp/

Malware Config

Extracted

Family

spynote

C2

paris-bahrain.gl.at.ply.gg:39520

Targets

    • Target

      e3a18febc482e9b91bd1fb70a0f48c0196114f88d7bac624171d53f35550acec.bin

    • Size

      760KB

    • MD5

      df34784f23a095863380fc46c9d05536

    • SHA1

      31a3bf2644602641832f6a3d144b517157225980

    • SHA256

      e3a18febc482e9b91bd1fb70a0f48c0196114f88d7bac624171d53f35550acec

    • SHA512

      20d9a0aac4609eaf656a558f28d9eef4cfeb9322b52ada075991f98c7c7237c53036c17819e00c2b708324da29b0fbe105287d7565da518dba73e8c23fc00d0f

    • SSDEEP

      12288:negS9a1a8LzeSnIV0YFt5WmpYshXZPbGwidNpg7s:nQ9a1ameSs0YFt5WmD9idNp/

    • Queries a list of all the installed applications on the device (may be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      The application may abuse the framework's foreground service to keep running in the foreground.

    • Requests that the accessibility settings be enabled.

    • Tries to add itself as a device administrator.

MITRE ATT&CK Mobile v15

Tasks